summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2025-01-27 17:34:45 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2025-01-28 19:48:47 +0100
commit4059a1544323b945a81e5ef0faea4a3b109f36bf (patch)
treeeb7cb387e75de057ef3e8cd56e00f13882ebc9a0
parent9d7a660611e9e134cd6d74a594bde59cad77c8d8 (diff)
Make notices about .list sources without signed-by less obnoxious
-rw-r--r--apt-private/private-update.cc41
-rwxr-xr-xtest/integration/test-apt-get-update-sourceslist-warning20
2 files changed, 41 insertions, 20 deletions
diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc
index 2b96f48fb..bd8823568 100644
--- a/apt-private/private-update.cc
+++ b/apt-private/private-update.cc
@@ -106,23 +106,40 @@ bool DoUpdate()
if (_config->FindB("APT::Get::Update::SourceListWarnings::SignedBy", SLWarnings))
{
- bool allDeb822 = true;
+ bool modernize = false;
for (auto *S : *List)
{
- if (not S->GetSignedBy().empty())
- continue;
-
URI uri(S->GetURI());
- // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list
- _error->Notice(_("Missing Signed-By in the %s entry for '%s'"),
- "sources.list(5)", URI::ArchiveOnly(uri).c_str());
- allDeb822 &= S->HasFlag(metaIndex::Flag::DEB822);
+
+ if (not S->HasFlag(metaIndex::Flag::DEB822))
+ {
+ // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list
+ _error->Audit(_("The %s entry for '%s' should be upgraded to deb822 .sources"),
+ "sources.list(5)", URI::ArchiveOnly(uri).c_str());
+ }
+ if (S->GetSignedBy().empty())
+ {
+ if (S->HasFlag(metaIndex::Flag::DEB822))
+ {
+ // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list
+ _error->Notice(_("Missing Signed-By in the %s entry for '%s'"),
+ "sources.list(5)", URI::ArchiveOnly(uri).c_str());
+ }
+ else
+ {
+ // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list
+ _error->Audit(_("Missing Signed-By in the %s entry for '%s'"),
+ "sources.list(5)", URI::ArchiveOnly(uri).c_str());
+ modernize = true;
+ }
+ }
}
- if (not allDeb822)
+ if (modernize)
{
- _error->Notice(_("Consider migrating all sources.list(5) entries to the deb822 .sources format"));
- _error->Notice(_("The deb822 .sources format supports both embedded as well as external OpenPGP keys"));
- _error->Notice(_("See apt-secure(8) for best practices in configuring repository signing."));
+ _error->Audit(_("Consider migrating all sources.list(5) entries to the deb822 .sources format"));
+ _error->Audit(_("The deb822 .sources format supports both embedded as well as external OpenPGP keys"));
+ _error->Audit(_("See apt-secure(8) for best practices in configuring repository signing."));
+ _error->Notice(_("Some sources can be modernized. Run 'apt modernize-sources' to do so."));
}
}
diff --git a/test/integration/test-apt-get-update-sourceslist-warning b/test/integration/test-apt-get-update-sourceslist-warning
index 7e27e4825..5a941dae6 100755
--- a/test/integration/test-apt-get-update-sourceslist-warning
+++ b/test/integration/test-apt-get-update-sourceslist-warning
@@ -46,14 +46,18 @@ msgmsg 'Detect login info embedded in sources.list'
echo 'deb http://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list
testsuccessequal "$BOILERPLATE
N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'http://example.org/debian'
-N: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian'
-N: Consider migrating all sources.list(5) entries to the deb822 .sources format
-N: The deb822 .sources format supports both embedded as well as external OpenPGP keys
-N: See apt-secure(8) for best practices in configuring repository signing." apt update --no-download
+A: The sources.list(5) entry for 'http://example.org/debian' should be upgraded to deb822 .sources
+A: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian'
+A: Consider migrating all sources.list(5) entries to the deb822 .sources format
+A: The deb822 .sources format supports both embedded as well as external OpenPGP keys
+A: See apt-secure(8) for best practices in configuring repository signing.
+N: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit
echo 'deb tor+https://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list
testsuccessequal "$BOILERPLATE
N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'tor+https://example.org/debian'
-N: Missing Signed-By in the sources.list(5) entry for 'tor+https://example.org/debian'
-N: Consider migrating all sources.list(5) entries to the deb822 .sources format
-N: The deb822 .sources format supports both embedded as well as external OpenPGP keys
-N: See apt-secure(8) for best practices in configuring repository signing." apt update --no-download
+A: The sources.list(5) entry for 'tor+https://example.org/debian' should be upgraded to deb822 .sources
+A: Missing Signed-By in the sources.list(5) entry for 'tor+https://example.org/debian'
+A: Consider migrating all sources.list(5) entries to the deb822 .sources format
+A: The deb822 .sources format supports both embedded as well as external OpenPGP keys
+A: See apt-secure(8) for best practices in configuring repository signing.
+N: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit